I think you misunderstand the FTP protocol. The FTP commands are sent to
the server's port 21 and the data is sent FROM the server port 20 to a
local unprivileged port (>1024).
I think you should set your mark dependent on source port instead of
destination port.
Another way: use passive FTP, where the client initiates the connection to
an unprivileged server port.
(I know I don't give all the answers here, but hope it's a good start for
you.)
On Mon, 4 Dec 2000, Stefan Bayer wrote:
> Hello!
> I want to use my isdn (ippp0) connection for ftp transfer and my adsl
> (eth0/ppp0) connection for all other transfer from my LAN (eth1) connected to
> the router.
> I managed to set up iproute2 with fwmarks to send out packet to ippp0, but
> the data connection is done by adsl.
> What do I have to set up to get this working correctly?
> my iptables setup:
> $IPTABLES -A PREROUTING -t mangle -p TCP -d ! $LOCALNET --dport 21 -j MARK --set-mark 1
> $IPTABLES -A PREROUTING -t mangle -p UDP -d ! $LOCALNET --dport 21 -j MARK --set-mark 1
> $IPTABLES -A PREROUTING -t mangle -p TCP -d ! $LOCALNET --dport 20 -j MARK --set-mark 1
> $IPTABLES -A PREROUTING -t mangle -p UDP -d ! $LOCALNET --dport 20 -j MARK --set-mark 1
>
> routing in table ippp0:
> ip route list table ippp0
> 195.3.65.72 dev ippp0 proto kernel scope link src 212.183.78.79
> default via 195.3.65.72 dev ippp0
>
> other routing:
> ip route list
> 212.88.181.5 dev ppp0 proto kernel scope link src 212.88.xxx.xxx
> 195.3.65.0/24 dev ippp0 proto kernel scope link src 212.183.78.79
> 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.2
> 192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
> 127.0.0.0/8 dev lo scope link
> default via 212.88.181.5 dev ppp0
>
>
> ip rule list
> 0: from all lookup local
> 32765: from all fwmark 1 lookup ippp0
> 32766: from all lookup main
> 32767: from all lookup default
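
Added example, not part of the original thread: the reply above describes the data connection running from server port 20 to an unprivileged client port in active FTP, and from the client to an unprivileged server port in passive FTP. The sketch below derives those endpoints from the control-channel lines that announce them (`PORT` and the `227` reply). The client address 192.168.2.10, the server address 203.0.113.5 and the sample lines are constructed for illustration.

```python
import re

SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-channel lines (sent over the port 21 connection).
# 192.168.2.10 is an assumed LAN client, 203.0.113.5 an assumed server.
SAMPLE_CONTROL = [
    ("client", "PORT 192,168,2,10,19,137"),
    ("server", "227 Entering Passive Mode (203,0,113,5,195,80)"),
]

def parse_endpoint(line):
    """Return the (ip, port) announced by a PORT command or a 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = SIX.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # Four address bytes, then the port as high byte and low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_flow(sender, line, client_ip, server_ip):
    """Describe who opens the data connection and which ports it uses."""
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return None
    if sender == "client":
        # Active mode: the server connects from port 20 to the announced client port.
        return {"mode": "active", "src": (server_ip, 20), "dst": endpoint}
    # Passive mode: the client connects from an ephemeral port (None = unknown
    # in advance) to the announced server port; port 20 is not involved.
    return {"mode": "passive", "src": (client_ip, None), "dst": endpoint}

def flows(control_lines, client_ip="192.168.2.10", server_ip="203.0.113.5"):
    """Collect the data-connection descriptions for a list of (sender, line) pairs."""
    result = []
    for sender, line in control_lines:
        flow = data_flow(sender, line, client_ip, server_ip)
        if flow is not None:
            result.append(flow)
    return result

if __name__ == "__main__":
    for f in flows(SAMPLE_CONTROL):
        print(f)
```

In the passive case neither end of the data connection uses port 20 or 21, so a rule keyed only on those ports never sees it.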